The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called " Access:7 ," the weaknesses – three of which are rated Critical in severity – potentially affect more than  150 device models  spanning over 100 different manufacturers, posing a significant supply chain risk. PTC's Axeda solution includes a cloud platform that allows device manufacturers to establish connectivity to remotely monitor, manage and service a wide range of connected machines, sensors, and devices via what's called the agent, which is installed by the OEMs before the devices are sold to customers. "Access:7 could enable hackers to remotely execute malicious code, access sensitive data, or alter configuration on medical and IoT devices running PTC's Axeda remote code and management agent," researchers from Forescout and CyberMDX said in a joint report...

Unpatched software is a computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the codes, known as "patches," when they come to know about these application vulnerabilities to secure these weaknesses. Adversaries often probe into your software, looking for unpatched systems and attacking them directly or indirectly. It is risky to run unpatched software. This is because attackers get the time to become aware of the  software's unpatched vulnerabilities  before a patch emerges. A  report  found that unpatched vulnerabilities are the most consistent and primary ransomware attack vectors. It was recorded that in 2021,  65  new vulnerabilities arose that were connected to ransomware. This was observed to be a twenty-nine percent growth compared to the number of vulnerabilitie...

Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed " Dirty Pipe " (CVE-2022-0847, CVSS score: 7.8) by IONOS software developer Max Kellermann, the flaw "leads to privilege escalation because unprivileged processes can inject code into root processes." Kellermann said the bug was discovered after digging into a support issue raised by one of the customers of the cloud and hosting provider that concerned a case of a "surprising kind of corruption" affecting web server access logs. The Linux kernel flaw is said to have existed since  version 5.8 , with the vulnerability sharing similarities to that of  Dirty Cow  (CVE-2016-5195), which came to light in October 2016. "A flaw was found in the way the 'flags' member of the new pip...

Details have been disclosed about a now-addressed critical vulnerability in Microsoft's  Azure Automation  service that could have permitted unauthorized access to other Azure customer accounts and take over control. "This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer," Orca Security researcher Yanir Tsarimi  said  in a report published Monday. The flaw potentially put several entities at risk, including an unnamed telecommunications company, two car manufacturers, a banking conglomerate, and big four accounting firms, among others, the Israeli cloud infrastructure security company added. The Azure Automation service  allows  for process automation, configuration management, and handling operating system updates within a defined maintenance window across Azure and non-Azure environments. Dubbed " AutoWarp ," the issue affects all users of the Azure Automa...

Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by knowing the IP address," Ethiopian cyber security research firm Octagon Networks ' Paulos Yibelo said in a statement shared with The Hacker News. TOS is the  operating system  designed for TNAS appliances, enabling users to manage storage, install applications, and backup data. Following responsible disclosure, the flaws were patched in  TOS version 4.2.30  released last week on March 1, 2022. One of the issues, tracked as CVE-2022-24990, concerns a case of information leak in a component called "webNasIPS," resulting in the exposure of TOS firmware version, the default gateway in...

Cyber-attacks keep increasing and evolving but, regardless of the degree of complexity used by hackers to gain access, get a foothold, cloak their malware, execute their payload or exfiltrate data, their attack will begin with reconnaissance. They will do their utmost to uncover exposed assets and probe their target's attack surface for gaps that can be used as entry points. So, the first line of defense is to limit the potentially useful information available to a potential attacker as much as possible. As always, the tug of war between operational necessity and security concerns needs to be taken into account, which requires a better understanding of the type of information typically leveraged. What information are hackers looking for during recon? When running recon on an organization, hackers – whether white or black hats - are "casing a joint." To plan their attack, they will try and uncover as much information as possible about: Your infrastructure The types ...

Ukraine's Computer Emergency Response Team (CERT-UA) warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. The agency  cautioned  that the emails arrive with the subject line "Увага" (meaning "Attention") and claim to be from a domestic email service called Ukr.net, when in actuality, the email address of the sender is "muthuprakash.b@tvsrubber[.]com." The messages purportedly warn the recipients of an unauthorized attempt to log in to their accounts from an IP address based out of the eastern Ukrainian city of Donetsk, further prompting them to click on a link to change their passwords with immediate effect. "After following the link and entering the password, it gets to the attackers," CERT-UA noted in a Facebook post over the weekend. "In this way, they gain access to ...

The threat actor behind a nascent Android banking trojan named  SharkBot  has managed to evade Google Play Store security barriers by masquerading as an antivirus app. SharkBot, like its malware counterparts  TeaBot ,  FluBot , and  Oscorp  (UBEL), belongs to a category of financial trojans capable of siphoning credentials to initiate money transfers from compromised devices by circumventing multi-factor authentication mechanisms. It first emerged on the scene in November 2021. Where SharkBot stands apart is in its ability to carry out the unauthorized transactions via Automatic Transfer Systems (ATS), which stands in contrast to TeaBot, which requires a live operator to interact with the infected devices to conduct the malicious activities. "The ATS features allow the malware to receive a list of events to be simulated, and they will be simulated in order to do the money transfers," Alberto Segura and Rolf Govers, malware analysts at cybersecurity fir...